So I wanted to edit the below entries so that the pods in my GKE cluster can communicate with a SQL server in the same subnet. The SQL server is in a GCP VM.
The cluster is created by google as part of the composer creation. So this cluster is automatically created by google when the composer was provisioned.
According to the official documentation, Autopilot clusters do not allow modifications to Google-managed Egress NAT Policies, including those automatically created for Composer-managed GKE clusters. This restriction is enforced by GKE Warden, which blocks any attempts to edit protected resources such as egressnatpolicies. The error you’re encountering is most likely due to an attempt to modify one of these restricted policies.
I agree with @Mokit’s response. Additionally, GKE supports two automatically generated Egress NAT policies:
Managed by GKE that are fixed and are not editable.
Default policies that are editable.
The documentation that you were following shows how to edit and deploy an Egress NAT policy by editing the default policy or by creating an Egress NAT Policy.
Please note that on September 15, 2026, all Cloud Composer 1 and Cloud Composer 2 version 2.0.x environments will reach their planned end of life, and you will not be able to use them. We recommend planning migration to Cloud Composer 3.
In addition, according to Cloud Composer Documentation, Cloud Composer 2 networking features are no longer relevant in Cloud Composer 3. For guidance, you can refer to the following comparison between Cloud Composer 2 and Cloud Composer 3 networking.
Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.